arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

- Always scrub data before passing it to mysql

Browse Source
This commit is contained in:
dave 2009-09-17 05:53:47 +00:00
parent 0a9053181c
commit abd1fda6fe
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
admin/award_awards.php
View File

@ -99,8 +99,9 @@
mysql_query("DELETE FROM award_awards_projectcategories WHERE award_awards_id='$id'"); mysql_query("DELETE FROM award_awards_projectcategories WHERE award_awards_id='$id'");
foreach($_POST['categories'] AS $key=>$cat) { foreach($_POST['categories'] AS $key=>$cat) {
$c = intval($cat);
mysql_query("INSERT INTO award_awards_projectcategories (award_awards_id,projectcategories_id,year) mysql_query("INSERT INTO award_awards_projectcategories (award_awards_id,projectcategories_id,year)
VALUES ('$id','$cat','{$config['FAIRYEAR']}')"); VALUES ('$id','$c','{$config['FAIRYEAR']}')");
} }
//wipe out any old award-divisions links //wipe out any old award-divisions links
@ -108,8 +109,9 @@
//now add the new ones //now add the new ones
foreach($_POST['divisions'] AS $key=>$div) { foreach($_POST['divisions'] AS $key=>$div) {
$d = intval($div);
mysql_query("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year) mysql_query("INSERT INTO award_awards_projectdivisions (award_awards_id,projectdivisions_id,year)
VALUES ('$id','$div','{$config['FAIRYEAR']}')"); VALUES ('$id','$d','{$config['FAIRYEAR']}')");
} }
happy_("Saved."); happy_("Saved.");
exit; exit;